Navigate

CCI-001358

CCI-001358 Definition

Establish privileged user accounts in accordance with a role-based access scheme; or an attribute-based access scheme.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

Determine if privileged user accounts are established and administered in accordance with [AC-02(07)_ODP; one of the following PARAMETER VALUES is selected: {a role-based access scheme; an attribute-based access scheme}].

Validation Procedures

Examine: [SELECT FROM: Access control policy; procedures addressing account management; system design documentation; system configuration settings and associated documentation; system-generated list of privileged user accounts and associated roles; records of actions taken when privileged role assignments are no longer appropriate; system audit records; audit tracking and monitoring reports; system monitoring records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with account management responsibilities; system/network administrators; organizational personnel with information security responsibilities]. Test: [SELECT FROM: Mechanisms implementing account management functions; mechanisms monitoring privileged role assignments].

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001358.

Control	Description
AC-2(7)	(a): Establish and administer privileged user accounts in accordance with [one of "a role-based access scheme"/"an attribute-based access scheme"]; (b): Monitor privileged role or attribute assignments; (c): Monitor changes to roles or attributes; and (d): Revoke access when privileged role or attribute assignments are no longer appropriate.